The FBI protects and defends the United States against terrorist and foreign intelligence threats, enforces the criminal laws of the United States, and provides criminal justice services to federal, state, municipal, and international agencies and partners. FBI headquarters in Washington, D.C., coordinates activities of more than 30,000 employees in 56 field offices located in major cities throughout the United States, more than 400 resident agencies in smaller cities and towns across the nation, and more than 60 international offices, called “Legal Attaches,” in U.S. embassies worldwide.

Reports Issued

The OIG’s Audit Division examined the FBI’s Foreign Language Translation Program, focusing on the FBI’s progress in improving its ability to translate and review audio, text, and electronic file material collected for its counterterrorism, counterintelligence, and criminal investigative operations.

In 2004 and 2005, OIG audits of the Foreign Language Program found that significant amounts of audio material collected for FBI counterterrorism and counterintelligence operations were awaiting translation, including material collected for the FBI’s highest priority cases. As in our earlier reports, our 2009 audit found that significant amounts of material collected for the FBI’s counterterrorism, counterintelligence, and criminal investigations between FY 2006 and FY 2008 remain unreviewed. In addition, significant portions of audio and electronic file material collected for cases in its two highest-priority counterterrorism and counterintelligence categories remain unreviewed.

According to FBI data, the FBI had reviewed 100 percent of the text pages it collected during this period. However, the FBI did not review 14.2 million (31 percent) of the 46 million electronic files that it collected during this same period. In addition, we found that FBI data indicated it did not review 1.2 million hours (25 percent) of the 4.8 million audio hours it collected for counterterrorism and counterintelligence operations between FY 2003 and FY 2008. We concluded that not translating and reviewing material increased the risk that the FBI would not detect information that may have been important to its counterterrorism and counterintelligence efforts.

Moreover, the FBI still lacks an accurate, consolidated collection and statistical reporting and evaluation system. The FBI relied instead on its field offices to manually report workload data, and we found that this reported data was inconsistent with foreign language workload figures that were reported to executive management. As a result, the FBI cannot accurately determine the precise amount of unreviewed foreign language material.

Our audit also analyzed the FBI’s progress in hiring linguists and found that the number of linguists performing translations for the FBI decreased from 1,338 in March 2005 to 1,298 in September 2008. In addition, in FY 2008 the FBI only met its hiring target for 2 of the 14 critical languages for which it set goals. The FBI’s failure to meet its hiring goals affected its ability to translate all of its collected material and hampered its efforts to reduce the backlog of unreviewed material, including material for its highest priority cases. Our audit found that the FBI’s process to hire contract linguists from FY 2005 through FY 2008 took approximately 19 months, an increase from the 16 months we found it took to complete the hiring process during the period covered by our 2005 audit.

In response to a recommendation in our 2004 audit, the FBI improved its quality control over foreign language translations by creating a unit dedicated to quality control of FBI translations and by establishing a tracking system capable of monitoring compliance with quality control guidelines.

The OIG report made 24 additional recommendations to help the FBI improve its management of its foreign language translation program and its ability to accurately and timely review audio, text, and electronic materials collected for its counterterrorism, counterintelligence, and criminal investigative operations. The FBI agreed with all the recommendations and stated that it would be enhancing its protocols and systems for tracking the review of collected material, as well as implementing new procedures and strengthening existing practices to help ensure the quality of translations and the availability of linguists to review and translate collected material.

The OIG completed a report examining the FBI’s use of exigent letters to obtain telephone records without legal process. The report also identified, for the first time, other informal requests that the FBI used to obtain telephone records improperly. In addition, the report examined the accountability of FBI employees, supervisors, and managers who were responsible for these flawed practices.

Two previous reports by the OIG, issued in March 2007 and March 2008, generally described the FBI’s misuse of national security letters to obtain sensitive records. In those reports, we noted the FBI’s practice of issuing exigent letters, instead of using national security letters (NSLs) or other legal processes, to obtain telephone records from three communications service providers. The exigent letters requested telephone records based on alleged “exigent circumstances,” and often inaccurately stated that grand jury subpoenas already had been sought for the records. Our previous reports concluded that the FBI’s practice of using exigent letters circumvented the requirements of the Electronic Communications Privacy Act (ECPA) governing national security letters and violated the Attorney General Guidelines and FBI policy.

The OIG’s January 2010 report examined in more detail the use of exigent letters that did not comply with legal requirements or FBI policies governing the acquisition of telephone records. The report described how the FBI issued over 700 exigent letters seeking records related to more than 2,000 different telephone numbers from 2003 to 2006. Nearly all of these letters referenced “exigent circumstances” as the basis for the request and asserted that a grand jury subpoena or other legal process had been sought for the records. In some cases, these exigent letters were used in urgent investigations. However, the OIG’s investigation found that, contrary to the statements in the letters, many of the investigations for which the letters were used did not involve emergency or life-threatening circumstances (the standard required under the ECPA for voluntary disclosure), and, also contrary to the letters, subpoenas had not been sought for the records. Moreover, there was no process by which a supervisor reviewed and approved the issuance of exigent letters. In fact, FBI personnel were not even required to retain a copy of the exigent letter.

In addition, the report identified other informal ways by which the telephone service providers gave telephone records to the FBI without legal process. For example, the OIG found that, rather than using NSLs, other legal processes, or even exigent letters, FBI personnel frequently sought and received telephone records based on informal requests made by e-mail, telephone, face-to-face, and even on post-it notes. We found that the FBI’s Communications Analysis Unit (CAU) personnel made such informal requests for records associated with at least 3,500 telephone numbers, although we could not determine the full scope of this practice because of the FBI’s inadequate record-keeping.

The FBI also obtained telephone records using a practice referred to by the FBI and the providers as “sneak peeks,” whereby the on-site communications service providers’ employees would check their records and provide a preview of the available information for a targeted phone number, without documentation of any justification for the request from the FBI and often without documentation of the fact of the request. At times, the service providers’ employees simply invited FBI personnel to view the telephone records on their computer screens.

Virtually none of these FBI requests for telephone records – either the exigent letters or the other informal requests – was accompanied by documentation explaining the authority for the requests or the investigative reasons why the records were needed, and many of the requests lacked information as basic as date ranges. This resulted in the FBI obtaining substantially more telephone records covering longer periods of time than it would have obtained had it complied with the NSL process, including records that were not relevant to the underlying investigations. Many of these records were uploaded into FBI databases.

Our report described other troubling practices, such as the FBI’s use of “community of interest” requests without first determining that the requested records were relevant to authorized investigations, and “hot number” requests that we believe also violated the ECPA. We also uncovered misuse of FBI administrative subpoenas for telephone records. Moreover, we found that the FBI had made inaccurate statements to the FISA Court. In several instances, the FBI submitted affidavits to the Court that information in FISA applications was obtained through NSLs or a grand jury subpoena, when in fact the information was obtained by other means, such as exigent letters.

Additionally, the report described three FBI media leak investigations in which the FBI sought, and in two cases received, telephone toll billing records or calling activity information for telephone numbers assigned to reporters, without first obtaining required approval from the Attorney General. In one of these cases, the FBI loaded the records it obtained in response to an exigent letter into a database, where the records remained for more than 3 years. The records were not removed until OIG investigators notified the FBI that the records had been improperly obtained.

Our report concluded that serious lapses in training, supervision, and oversight led to the FBI and the Department issuing these requests for the reporters’ records without following legal requirements and their own policies. In general, the OIG found that FBI officials’ oversight of the use of exigent letters and other informal requests, and the FBI’s initial attempts at corrective action, were seriously deficient, ill-conceived, and poorly executed. From 2003 through 2006, FBI officials repeatedly failed to take steps to ensure that the FBI’s requests for telephone records were consistent with the ECPA, the Attorney General Guidelines, and Department policy. When FBI attorneys became aware of the practice of using exigent letters, they failed to stop it, participated in the ill-conceived efforts to remedy the problem after the fact, and provided legal advice to the CAU that was inconsistent with the ECPA, the Attorney General Guidelines, and FBI policy. FBI officials also attempted to remedy the FBI’s failure to serve legal process through legally deficient, after-the-fact blanket NSLs intended to “cover” the records it had previously requested.

It is important to note that after the OIG issued our first report in March 2007 on the FBI’s misuse of national security letters, the FBI ended the use of exigent letters, issued clear guidance on the use of national security letters and on the proper procedures for requesting records in circumstances qualifying as emergencies under the ECPA, provided training on this guidance, moved the three service providers out of FBI offices, and expended significant effort to determine whether improperly obtained records should be retained or purged from FBI databases. The FBI should be credited for these actions.

However, as a result of further deficiencies we uncovered in this review, we recommended that the FBI and the Department take additional action to ensure that FBI personnel comply with the statutes, guidelines, and policies governing the FBI’s authority to request and obtain telephone records and to prevent past abuses from recurring.

The OIG’s report contains 13 recommendations, including that the FBI issue periodic guidance and training relating to the authority of FBI employees to obtain telephone records, ensure that requests for information made pursuant to contracts with telephone service providers comply with federal law and Department policies, and implement other corrective action to address the findings of this report. The FBI concurred with the recommendations and has begun taking action to address them.

Status of the FBI’s Implementation of the Sentinel Project

During this reporting period, the OIG’s Audit Division released two status reports examining the FBI’s ongoing development of its Sentinel case management project. The Sentinel program is intended to upgrade the FBI’s electronic case management system and provide the FBI with an automated workflow process.

In November 2009, the OIG released its fifth audit report on the Sentinel project. This audit focused on the FBI’s progress towards implementing the second of Sentinel’s four phases. Phase 2 originally was intended to deliver eight electronic forms, implement more efficient work processes, and begin the migration of administrative case data currently in the FBI’s Automated Case Support System to Sentinel.

The November audit found that the FBI’s development of Sentinel has continued to progress, and the FBI had addressed most of the concerns identified in our previous four audit reports on Sentinel. However, in the audit report we identified several new areas of concern with the overall progress of Sentinel and, in particular, the implementation of Phase 2 of the project.

In our November audit, we also determined that while the FBI’s estimate of Sentinel’s overall cost had not increased from $451 million since we issued our December 2008 report, the FBI increased its projected cost for Phase 2 to $155 million, $18 million more than budgeted. The FBI reported to us that it planned to reallocate costs from other project areas, including the management risk reserve, to offset the $18 million increase in Phase 2 development costs. We also reported that, as a result of the replanning of the remainder of Phase 2, some deliverables originally scheduled for Phase 2 had been deferred to later phases of the project.

We reported in our November 2009 audit that the FBI’s revised schedule extended the estimated completion date for Phase 2 of Sentinel by 3 months more than previously reported and extended the overall project completion date to September 2010, 9 months later than originally planned. In addition, we reported that the FBI increased its projected cost for Phase 2 to $155 million, $18 million more than budgeted. The FBI reported to us that it planned to reallocate costs from other project areas, including the management risk reserve, to offset the $18 million increase in Phase 2 development costs. As a result of the replanning of the remainder of Phase 2, some deliverables originally scheduled for Phase 2 were deferred to later phases of the project.

In March 2010, the OIG issued its sixth report examining the Sentinel case management system. This report identified serious concerns about the progress of the FBI’s Sentinel project that had arisen since our November 2009 audit. Specifically, the FBI had not completed Phase 2 of the project and had suspended work on portions of Sentinel’s third phase and all of its fourth phase because of concerns the FBI had with the usability, performance, and quality of the deliverables provided in an effort to complete Sentinel’s second phase.

While the FBI did not have official revised cost or schedule estimates for completing Sentinel, FBI officials acknowledged that Sentinel would cost more than the $451 million budgeted for the project and that Sentinel would likely not be completed until 2011.

Because of continuing significant issues regarding Sentinel’s Phase 2 that was delivered to the FBI on March 3, 2010, the FBI issued a partial stop work order for portions of Phase 3 and all of Phase 4. The stop work order returned Phase 2 of the project from an operations and maintenance phase to a development phase.

Our report acknowledged that the FBI was taking some steps to improve Sentinel’s chances for success, including the use of independent assessments, performed by other contractors of the primary contractor’s deliverables. However, our report identified major issues that the FBI needs to address. For example, the FBI did not have a documented strategic plan outlining how it will transfer remaining case file data from its Automated Case Support system to Sentinel. We also reported our concern that the FBI has either discontinued or delayed some of the internal assessments of Sentinel’s progress that it previously was performing on a routine basis, which could compromise the FBI’s ability to perform real-time evaluations of the project’s development and apply appropriate risk management strategies.

Given the importance of Sentinel to the future of FBI operations, we concluded that the FBI must ensure that its revisions to Sentinel’s budget, schedule, and requirements are realistic, achievable, and satisfactory to its users, and the FBI must also ensure that users’ concerns and perspectives are integrated into all phases of the remaining development of Sentinel.

The FBI’s Combined DNA Index System (CODIS) is a national information repository that stores DNA specimen information to facilitate its exchange by federal, state, and local law enforcement agencies. During this reporting period, the OIG audited several state and local laboratories that participate in CODIS to determine if they comply with the FBI’s Quality Assurance Standards and National DNA Index System (NDIS) participation requirements. Additionally, we evaluated whether the laboratories’ DNA profiles in CODIS databases were complete, accurate, and allowable for inclusion in NDIS. Below are examples of our audit findings:

The Southwestern Institute of Forensic Sciences Laboratory in Dallas, Texas, did not strictly adhere to all of the NDIS participation requirements we reviewed. We found that the laboratory: 1) failed to store the CODIS server backup media in a locked container at an off-site location on a monthly basis, 2) improperly allowed an analyst to use CODIS for 1 year when that analyst had not received the requisite authorization from the FBI to use the system, 3) did not forward its most recent external audit report to the FBI within the required time frame, and 4) was untimely in resolving 8 of the 17 CODIS matches we selected for review. In addition, in our sample of 103 profiles, we found that 35 of the laboratory’s CODIS profiles were inaccurate, unallowable, or incomplete. As a result of our audit, the laboratory stated it would begin making monthly backup tapes of the CODIS server and would store them in a locked container at a secure off-site facility, confirmed that the unauthorized CODIS user is no longer employed at the laboratory, and deleted all 35 profiles that we questioned.

The Indian River Crime Laboratory in Fort Pierce, Florida, was generally in compliance with the standards governing CODIS activities. The audit found that, of the six matches we reviewed, the Laboratory did not notify investigators of one match until 22 calendar days after the match was confirmed. In addition, in our review of a sample of 50 out of 196 forensic profiles the Laboratory had uploaded to NDIS as of April 21, 2009, we found that 1 was unallowable for upload and 1 had an incorrect specimen number. The FBI stated it would work with the laboratory to address the report’s recommendations.

Investigations

During this reporting period, the OIG received 846 complaints involving FBI personnel. The most common allegations made against FBI employees were violations of intelligence-gathering standards, job performance failure, waste, and misuse of government property. The OIG opened 21 cases. The majority of the complaints received this period were considered management issues and were forwarded to FBI management for its review and any appropriate action.

At the close of the reporting period, the OIG had 57 open criminal or administrative investigations of alleged misconduct related to FBI employees. The criminal investigations covered a wide range of offenses, including release of information, false statements, and job performance failure. The administrative investigations involved serious allegations of misconduct. The following are examples of cases involving the FBI that the OIG’s Investigations Division handled during this reporting period:

An investigation by the OIG’s San Francisco Area Office determined that an FBI assistant special agent in charge (ASAC) engaged in an inappropriate relationship with an FBI confidential source and stole jewelry that had been seized during an FBI investigation. During an OIG interview, the ASAC admitted that he began an inappropriate sexual relationship with his confidential source while she was still an active source, accepted gifts from her, and utilized FBI undercover apartments to further the relationship. He also admitted that he stole jewelry that was seized from subjects of a criminal investigation and had his confidential source sell the jewelry. The confidential source recalled selling at least two gold watches and a diamond ring in exchange for approximately $10,000, most of which she gave to the ASAC. The case was declined for prosecution because the statute of limitations had expired before discovery of the ASAC’s misconduct; however, he retired from the FBI as a result of our investigation.

A joint investigation by the OIG’s Washington Field Office and the FBI Internal Investigations Section resulted in the arrest of an FBI supervisory special agent in the District of Columbia on charges of making false statements. The investigation revealed that the agent submitted travel vouchers over a 15-month period claiming more than $41,000 for lodging expenses while on temporary duty in Virginia. The claimed expenses, supported by fictitious rental agreements and receipts, were fraudulent because the agent actually permanently resided at two locations in Maryland that were within the same metropolitan area as his temporary duty assignment in Virginia. The agent pled guilty and was sentenced to 180 days of home monitoring and 5 years of probation. He was also ordered to perform 400 hours of community service and pay $41,658.57 in restitution. He resigned his position with the FBI as a result of our investigation.

Ongoing Work

The FBI’s Efforts to Combat National Security Cyber Threats

The OIG is examining the FBI’s efforts to combat cyber intrusions that threaten national security. The review assesses the development and operation of the National Cyber Investigative Joint Task Force, as well as the capabilities of FBI field offices to investigate national security cyber cases.

The FBI’s Implementation of the Sentinel Project

The OIG is continuing its evaluations of the development and implementation of the Sentinel information technology project.

The FBI’s Forensic DNA Backlog

The OIG is examining the FBI’s efforts to reduce its backlog of forensic DNA samples.

The FBI’s Activities Under Section 702 of the FISA Amendments Act of 2008

Section 702 of the FISA Amendments Act of 2008 (Act) authorizes targeting non-U.S. persons reasonably believed to be outside the United States to acquire foreign intelligence information. As required by the Act, the OIG is examining the number of disseminated FBI intelligence reports containing a reference to a U.S. person identity, the number of U.S. person identities subsequently disseminated in response to requests for identities not referred to by name or title in the original reporting, the number of targets later determined to be located in the United States, and whether communications of such targets were reviewed. In addition, the OIG is examining the FBI’s compliance with the targeting and minimization procedures required under the Act.

The FBI’s Investigation of Certain Advocacy Groups

The OIG is reviewing allegations that the FBI targeted certain domestic advocacy groups for scrutiny based upon their exercise of rights guaranteed under the First Amendment of the U.S. Constitution.

The OIG is conducting a follow-up review to determine the FBI’s progress in implementing the recommendations contained in our March 2006 report, “A Review of the FBI’s Handling of the Brandon Mayfield Case.” The report made 18 recommendations related to the FBI Laboratory Division’s Latent Print Unit and a series of systemic issues we determined contributed to the misidentification of a latent fingerprint associated with the 2004 terrorist attacks on commuter trains in Madrid, Spain.